For those who don't know WhisperYAFFS is the encrypted filesystem used by the WhisperCore Custom Rom. The Source Code was released but I have notice not much has been done to port it over to the GNex or JellyBean/ICS for that matter.
What I want to do is port WhisperYAFFS over to ICS/JB. Since whispersys was bought by twitter they have slowly been open-sourcing their old apps but Whispercore still has not surffaced. A lot of users (myself included) don't feel comfortable with Google's implementation of encryption on android (AES-128 Bit and only 16 Char password).
The main difficulty is getting WhisperYAFFS running under ICS/JB. Once that's done we need a GUI for password entry at boot (The original was never open-sourced) and a hardened kernel for protection against exploits (Like GrSecurity or FuguMod).
If anyone is working on this or wants to help please let me know either here or via PM. I have some work in progress but I need help to make this a reality.
WhisperYAFFS: https://github.com/WhisperSystems/WhisperYAFFS
I'll second that...
I completely agree. While I am not a developer, this is the sort of project I would be more than willing to put several hundred dollars into to spur development. I think it is vital that there be an effective whole-device-encryption scheme for the Android Kernel which is based on 256 AES (or better) and utilizes a user provided key at boot time which is completely sperate from the "unlocking" functions during normal use.
While not strictly part of any WhisperYAFFS project, I would also like to see of hardening security features in the OS as well. A system with true whole-device-encryption is of course at it's most secure state when powered off. While on, even locked, there is always the possibility to exploit weaknesses in the OS. To that end, security features which power down the device without warning become an effective way to thwart an adversary. This auto-power-off should happen after too many failed attempts to unlock it and there also needs be a "dead man's switch" that shuts the device down should the unit not be "unlocked" after a configurable period of time.
mckinleytabor said:
I completely agree. While I am not a developer, this is the sort of project I would be more than willing to put several hundred dollars into to spur development. I think it is vital that there be an effective whole-device-encryption scheme for the Android Kernel which is based on 256 AES (or better) and utilizes a user provided key at boot time which is completely sperate from the "unlocking" functions during normal use.
While not strictly part of any WhisperYAFFS project, I would also like to see of hardening security features in the OS as well. A system with true whole-device-encryption is of course at it's most secure state when powered off. While on, even locked, there is always the possibility to exploit weaknesses in the OS. To that end, security features which power down the device without warning become an effective way to thwart an adversary. This auto-power-off should happen after too many failed attempts to unlock it and there also needs be a "dead man's switch" that shuts the device down should the unit not be "unlocked" after a configurable period of time.
Click to expand...
Click to collapse
This is exactly what I want. I want 'x' number of wrong password to wipe/poweroff the device and a duress password. I have been working on a geofencing solution so if the phone leaves a set area it auto-powers down.
x942 said:
This is exactly what I want. I want 'x' number of wrong password to wipe/poweroff the device and a duress password. I have been working on a geofencing solution so if the phone leaves a set area it auto-powers down.
Click to expand...
Click to collapse
This would be a great feature i admit
THIS. IS. NEXUS.
Just Checking in...
I thought I would post another reply just to float this post back up to the top.
Does anyone have any new leads on promising projects that will implement a robust full-device-encrypt system on phones and tablets running JellyBean? (not the poorly implemented device encryption that started in ICS)
I was dead serious in my post about putting up a bounty for this. Is there a good clearing house for us un-programers to pony up collective cash to get something like this done?
Thanks.
This should be high priority
I can't believe google hasn't given this any attention and instead gave us a half-butted home directory/data semi-encryption that is vulnerable to being cracked by consumer obtainable fpga tech. When we finally do get someone like moxie working on real solutions, he disappears with a fat salary into corporate america, albeit twitter and they're kind of cool, but then all development stops and only pieces are release to the public.
I'm all for this. Wish I'd done development in this area so I could jump right in. Hope this bumps the thread n someone with experience in this notices.
I know the corporate world is begging for this and wont let us use android for a lot of stuff as a result. So this could gain some real notice for any devs participating.
Hope for WhisperCore
I came across a Tweet from Moxie Marlinspike that seems to indicate that he is restarting work on WhisperCore.
https://twitter.com/moxie/status/301948885398585346
Text: @x942_dev We're getting WhisperCore started again, are you interested in working on that as well?
dicknixondick said:
I can't believe google hasn't given this any attention and instead gave us a half-butted home directory/data semi-encryption that is vulnerable to being cracked by consumer obtainable fpga tech. When we finally do get someone like moxie working on real solutions, he disappears with a fat salary into corporate america, albeit twitter and they're kind of cool, but then all development stops and only pieces are release to the public.
I'm all for this. Wish I'd done development in this area so I could jump right in. Hope this bumps the thread n someone with experience in this notices.
I know the corporate world is begging for this and wont let us use android for a lot of stuff as a result. So this could gain some real notice for any devs participating.
Click to expand...
Click to collapse
The encryption is actually fine by all means. The only issue really is that it doesn't encrypt the whole phone or use 256bit (not huge as 128 bit is technically enough but why settle for less?).
mckinleytabor said:
I came across a Tweet from Moxie Marlinspike that seems to indicate that he is restarting work on WhisperCore.
https://twitter.com/moxie/status/301948885398585346
Text: @x942_dev We're getting WhisperCore started again, are you interested in working on that as well?
Click to expand...
Click to collapse
Yes he did tweet but I have yet to hear any more from him... My project is going to be out soon. It's hasn't fixed encryption yet but it does address the issue of exploits by hardening the kernel with GRSecurity and adding in some other stuff.
Related
Hey guys (mostly the senior/mod/admin folks, but anyone feel free to chime in). Could XDA implement vBulletin's (I think there is an official plugin/option... I may be wrong about this though; I cannot say for sure since I am not an admin on any site that uses vBulletin, $user = phpbbWhore reputation system? If it's not built into the latest version of the code, I'm sure there is a 3rd party plugin available from VBulletin's official site (I know of at least a few of those that exist and would help if needed).
My thought behind this is that sometimes someone posts some really useful information and adding a reply that says something like "+1 thanks!" almost seems like a waste of a post to me (I really dislike "filler"/OT threads, but I still want to give the person credit). However if I was able to give a person a point (+) or if someone was just being a jerk for no reason (-), I think more people would take the time to think before they posted. Plus, since we know "post count" mean nothing in terms of someone being a helpful person or not, this would allow new users to spot trustworthy/reliable folks.
My only qualm is that I don't know if XDA as a whole is mature enough to use this kind of system responsibly, but I have faith that any real abusers could be weeded out fairly quickly. I think it would be cool to at least trial run this. Thanks for your time .
Hi DeeBG,
Yeah, it's good idea generally, thou i'd prolly advocate XDA going a step further right off the bat, and implementing a point trading system as a supplement to the donate buttons, especially for those without easy access to paypal credit.
Reputation has issues when someone on the fringe of the group is battered down for being different. Like imagine someone says "Let's make an iPhone section!". They might lose a years reputation in like a day. At least with a point trading system you're dealing with actual assistance or virtual services, rather than base emotional responses or crowd bullying.
I'm still learning about XDA's donate system, which seems fairly arbitrary or opaque. Maybe someone can explain how well that system is working out so far.
Cheers.
Reputation is built into vB, looks like they opted to turn it off. Good thing, every forum I've been a part of / admin'd, it's been abused.
I7redd said:
Reputation has issues when someone on the fringe of the group is battered down for being different. Like imagine someone says "Let's make an iPhone section!". They might lose a years reputation in like a day. At least with a point trading system you're dealing with actual assistance or virtual services, rather than base emotional responses or crowd bullying.
Click to expand...
Click to collapse
The reputation system only works through "thanks", doesn't it? So your reputation cannot get worse, but only better.
I7redd said:
I'm still learning about XDA's donate system, which seems fairly arbitrary or opaque. Maybe someone can explain how well that system is working out so far.
Click to expand...
Click to collapse
It's not much of a system - you can donate directly to xda, which will help cover costs of running the servers, or you can donate to individuals (like me ) whose work you like.
Well there are really two types of systems. One is where you can give a thumbs up or thumbs down on a comment (sometimes represented by a [+] or [-] sign), and then there is the "Thanks" system, as seen on such sites as http://androidforums.com.
I agree that the first system can and sadly usually is abused (I think I saw it work well on one private torrent site I used to belong to a long time ago). There is a somewhat "pack mentality" that some users can fall into, whether someone is "outed" (falsely or not) for being an abuser of the forums or sometimes members are found "guilty by association".
I would like to see at least a "Thanks" system in place, again the folks at androidforums.com (which I'm sure at least some of you are also members at or at least have been directed to a post there before) have this successfully working within their vBulletin-powered site and would happy to help XDA admins if needed (not that I don't have faith in the XDA site owners/coders, you guys are pretty awesome yourselves =p). Of course I would be happy to lend my ~10 years of PHP/MySQL/etc experience to the process if it'd help.
I would start a public poll, but I think it's really in the interests of the site owners (also they can probably setup a more wide-spread poll than I can if they want public opinion).
Your friend in code,
DeeBG =)
I think it would be good to show appreciation to other users but It would be abused knowing that you can knock down someone's reputation (last thing we need is more flaming)
Captainkrtek said:
I think it would be good to show appreciation to other users but It would be abused knowing that you can knock down someone's reputation (last thing we need is more flaming)
Click to expand...
Click to collapse
Yeah, that's why I think a system where you can ONLY give thanks would be cool. Again, forum admins, let me know if you need any assistance getting it up and working (it shouldn't add a performance performance hit to the backend database/system... the php code would be very light and the mysql db would maybe grow a few hundred kB since users without thanks wouldn't have any data).
Developer Bidding...
Livven said:
The reputation system only works through "thanks", doesn't it?
Click to expand...
Click to collapse
Still open to cheating using multiple accounts to "Thank" themselves here and there and everywhere.
It's perhaps harder to gain anything with requests from yourself, and gifting points to yourself, while offering up public solutions. Thou i wouldn't put it past someone to try.
It's not much of a system - you can donate directly to xda, which will help cover costs of running the servers, or you can donate to individuals (like me ) whose work you like.
Click to expand...
Click to collapse
Hmm... There seems to be a growing trend on XDA towards "donation requests" or "developer bidding" in certain forums. (see Xperia x10 Froyo request topic for example).
It involves people collectively posting that they will each donate a small amount to their favorite cause. (Android on Samsung Wave being another good example)
The current running tallies of offered donations is also interesting idea, thou there is some concern that those who have offered to donate $10 or $20 dollars will actually do so once the developers have done their magic.
Again, the opaque or arbitrary nature of hidden donations is a problem here.
Without going as far as escrow payments system (for requests that could likely need time limits and a refund), a basic "pre-paid" point system should work pretty well. For instance, once a task is completed the points could then be traded back for paypal dollars, completing the "circle of trust".
Any other ideas on this?
(or is there already an active "services" marketplace here somewhere that i've perhaps overlooked?)
Has anyone tried it yet, what was the outcome?
Is it possible?
Please share your ideas, views and suggestions here.
I think i read somewhere about it, but the project is not continue, unfortunatelly :/
search, maybe you'll find something
Hey Abhishek...
Why do you need to create another thread...??
There are two ongoing threads on the same topic... And if you are interested please head on to those to find out the info about porting android on bada..
Dont create unnecessary threads.... I suggest delete this... or after sometime all we will see in the Bada Section is useless threads....
*facepalm*
Read other topics WWW.ANDROIDPORT.NEt there is the wavedroid project.
Go away and come back when you have some progress for us wavedroid.
Still wondering if wavedroid is a money making exercise or a genuine attempt at getting Android over. The delays don't help the impression this is an exercise being led by folks more eager than actually having the skills to accomplish the task.
I'll be the first to eat my hat if this ever comes to fruition, but I won't be donating anything to something that at this point seems to have only updates on various delays.
Hows this for an interesting post on the JetDroid website...
Not sure why you need the expensive software, it is nice and would help but 95% of the works is already completed for you guys.
To start:
Look for phones with same hardware then use that parts from their android and put the parts into a custom version. You can reuse the /sbin and /system folders from the android sdk virtual machine or if you want better performance use the /sbin and /system of a similar hardware phone android version and just add your init , init.rc , zimage and package this into a rom or dual boot like we do.
CPU:
The wave / Samsung-Intrinsity S5PC110 cpu is much more supported than our s3c6410 and used even by Apple so look at idroid , samsung crespo , HTC 4G android , samsung i9000 for sources for your android files to start from.
Screen:
The screen is possibly the same as S8000 or Spica, wave 3.3" the rest is in other samsung opensource files you just need to mix and match parts.
Obstacles:
The biggest problem might be the cpu and screen + andreno or powervx or Mali display driver but android.so will work until you get to the video driver.
Camera:
Camera is in M910 samsung opensource files / other 5MP camera, there is only a few 5MP camera from that samsung uses so might need to work on the code if you can not find it from a same camera android phone version that is already working.
Now make a good WaveDroid version:
Once you have all this and have it working then you can build a clean custom version of android optmized for your phone. CM for HTC 4G phones might work with almost no or little changes possibly just in the kernel.
The samsung opensource website has the SCH-W850 / SPH-W8500 / SPH-W8550 , this could share some hardware with Samsung Wave as well, similar number codes. Look for a recent code release nov/dec 2010 or later.
Click to expand...
Click to collapse
After reading that, I felt I could almost make an android port myself lol. Clearly there are some very knowledgeable and experienced persons out there.
What really bugs me is the Wavedroid folks have been asking for money for months, yet have shown not a shred of proof they have accomplished anything. Secondly, folks have been asking (rightfully so), why you have not implemented a Paypal widget so people can see just how much money you have raised so far. I know you are using illegal software and thus don't want to let everyone into your inner circle to see the progress, but you have shown and proved absolutely nothing. There are more doubts than positive feelings at the moment.
Please don't let this thread grow to one of two-three pages which is worth nothing, there is already another one just for this purpose
Android port is stuck because programmers dont have any programm to edit the bootloader of wave,so they can not do the port...
If anyone knows any free programm to edit ARM 7 files (like IDA 5.7) please give it to them.
But if nobody knows any programm for this case the have to wait until they have enough money form donations to buy the IDA 5.7
(sorry for my english)
This is outrageous, the fact that you need commercial tools to do what your looking to do clearly denotes your level of incompetence. Look at idroid. i didnt see them asking people for money to buy tools?? And i would say that Apple did a much better job locking down the i range then samsung did with the Wave. If you have stumbled at the starting block just forfeit the race.
Prove to us that you know what the f**k your doing and then you can have your donations.
Generally i supported this project, but then you asked for money. Money changes everything.
sabianadmin said:
This is outrageous, the fact that you need commercial tools to do what your looking to do clearly denotes your level of incompetence. Look at idroid. i didnt see them asking people for money to buy tools?? And i would say that Apple did a much better job locking down the i range then samsung did with the Wave. If you have stumbled at the starting block just forfeit the race.
Prove to us that you know what the f**k your doing and then you can have your donations.
Generally i supported this project, but then you asked for money. Money changes everything.
Click to expand...
Click to collapse
I agree with U
Asking for money, without providing any scrap of proof that anything is even going on, is what irks people here. Not even a simply paypal donation widget exists so folks can see what the $ count is too.
Too many red flags on this one. I know I'm not the first to ask for proof, or even just something other than "we are working it, it'll be done soooooon, give us all your moneys roflwtflolbbq"
So many other android ports happened without need for this software. And also may I point out what seems total ineptitude on the wavedroid team's part. The Galaxy S contains pretty much the identical hardware as the Wave does. In fact you find me a phone that has identical hardware, one running android, the other something else, and tell me we already have as near an android phone as you're going to get. Compared to other port projects, this should have been done in a weekend to be honest.
wavedroid are bogus, and will accomplish nothing just like all the so called Android to Wave projects and groups previously.
I agree with sabian. I don't know a **** about how difficult or easy is this, but i'm pretty sure that there are good developers around here. Why couldn't you start a new project?
I aggre with you guys,it is very odd that they ask for money without doing anythink...
I just posted that if you know any free software that works with ARM7 files it would be good to inform then...
But they have a very good reason to ask for money because if they can not edit the bootloader they can not load anythink else from bada...if they do that the project it would be almost done because wave and galaxy s have similar hardware so with some fixes to scripts they will have a very good androidport to wave..
Original Article
BackgroundI don't believe that I need to introduce myself, but if I do my name is P3Droid. I am a phone enthusiast and have been working in the Android platform for 17 months. I have been very lucky in my short time on the Android platform. I think more than anything I have been lucky enough to be in the right places at the right times. The day I first saw and played with the Droid (OG) I thought “that is the ugliest damn phone I've ever played with”. Then I was asked back into the store by my friend (nameless) to get some time with the Android platform and he began to explain to me how open the phone was and how a “smart” person could do anything they wanted to the phone. That turned what I thought was an ugly phone into the sexiest beast ever. I guess that was approximately October of 2009, and I was excited about the possibilities and dove right in without checking the depth of the water.
I spent much of the year on an open phone and an open platform, and sometime in July I picked up a Droid X. I soon found a great bunch of friends and we formed Team Black Hat. Really wanting to break the bootloader, we spent more hours working on it than we did our 9 – 5 jobs. Eventually we came to the conclusion (with help from some unique resources), that we were not going to accomplish our objective. Every so often we still pluck away at it, but we have moved on to other things that will help people enjoy their Droid phones.
Fast forward to October 2010. I'm still in love with the concept of android, and I've done more than my share of developing, themeing, creating ROMS and even hacking. *Having been involved in so many things and having developed some unique contacts, I have been privy to information that is not disseminated to the masses. Some of this information I was asked to sit on. Some information I sat on because I felt it was best to do so for our entire community. You have probably seen me rant on occasion about what I thought the community was doing wrong and causing itself future pain. Each of those days I had received even more disheartening information. So where does this leave me? It leaves me with a difficult choice to make. What to tell, how much to tell, and do I want to give information out that could possible be slightly wrong. I've worked very hard to verify things through multiple sources, when possible, and some other information comes from sources so reliable that I take them at their word.
This brings me up to today. I've tossed and turned regarding how to say this, and how to express all of the information and my feelings in regards to this information. I guess the solution is to just let you all decide for yourselves what you think and what you want to do.
One Shoe Falls
Beginning in July, we (TBH), began hearing things about Motorola working on ways to make rooting the device more difficult. This was going to be done via Google through the kernel. No big deal we thought, the community always finds a way. When Froyo was released and there was no root for some time we became a bit concerned but soon there was a process and even 1-clicks. This was good news and bad news to me, because it simply meant that they would go back to the drawing board and improve upon what they had done.
During this time there were still little rumors here and there about security of devices, and other such things but nothing solid and concrete. Until November.
The Other Shoe Falls
Beginning in October, the information began coming in faster and it had more of a dire ring to it. It was also coming in from multiple sources. I began to rant a little at the state of our community, and that we were the cause of our own woes. So what did I hear?
1. New devices would present challenges for the community that would most likely be insurmountable, and that Motorola specifically – would be impossible to hack the bootloader. Considering we never hacked the previous 3G phones, this was less than encouraging.
2.Locked bootloaders, and phones were not a Motorola-only issue, that the major manufacturers and carriers had agreed this was the best course of action.(see new HTC devices)
3. The driving forces for device lock down was theft of service by rooted users, the return of non-defective devices due to consumer fraud, and the use of non-approved firmware on the networks.
I think I posted my first angry message and tweet about being a responsible community soon after getting this information. I knew the hand writing was on the wall, and we would not be able to stop what was coming, but maybe we could convince them we were not all thieves and cut throats.
Moving along, December marked a low point for me. The information started to firm up, and I was able to verify it through multiple channels. This information made the previous information look like a day in the park. So what was new?
1. Multiple carriers were working collaboratively on a program that would be able to identify rooted users and create a database of their meids.
2. Manufacturers who supply Verizon were baking into the roms new security features:
a. one security feature would identify any phone using a tether program to circumvent paying for tethering services. (check your gingerbread DroidX/Droid2 people and try wireless tether)
b. a second security feature would allow the phone to identify itself to the network if rooted.
c. security item number 2 would be used to track, throttle, even possibly restrict full data usage of these rooted phones.
The Rubber Meets the Road
So, I wish I had more time to have added this to the original post, but writing something like this takes a lot of time and effort to put all the information into context and provide some form of linear progression.
Lets get on with the story. March of this year was a monumental month for me. The information was unsettling and I felt as if we had a gigantic bulls-eye on our backs.
This is what I have heard:
1. The way that they were able to track rooted users is based on pushing updates to phones, and then tracking which meid's did not take the update. There is more to it than this but that is the simple version.
2. More than one major carrier besides Verizon has implemented this program and that all carriers involved had begun tracking rooted phones. All carriers involved were more than pleased with the accuracy of the program.
1. What I was not told is what the carriers intended to do with this information.
3. In new builds the tracking would be built into the firmware and that if a person removed the tracking from the firmware then the phone would not be verified on the network (i.e. your phone could not make phone calls or access data).
4. Google is working with carriers and manufacturers to secure phones, and although Google is not working to end hacking, it is working to secure the kernel so that no future applications can maliciously use exploits to steal end-user information. But in order to gain this level of security this may mean limited chances to root the device. (This item I've been told but not yet able to verify through multiple sources – so take it for what you want)
5. Verizon has successfully used its new programs to throttle data on test devices in accordance with the guidelines of the program.
6. The push is to lock down the devices as tight as can be, but also offer un-lockable devices (Think Nexus S).
The question I've asked is why? Why do all this; why go through so much trouble. The answer I get is a very logical one and one I understand even if I don't like it. It is about the money. With LTE arriving and the higher charges for data and tethering, carriers feel they must bottle up the ability of users to root their device and access this data, circumventing the expensive tethering charges.
What I would like to leave you with is that this is not an initiative unique to Verizon or Motorola, this is industry wide and encompassing many manufacturers.
So what does all this mean? You will need to make your own conjectures about what to think of all of this. But, I think that the rooting, hacking, and modding community - as we know it - is living on borrowed time.
In the final analysis of all this I guess I'll leave you with my feelings:
I will take what comes and turn it into a better brighter day, that is all I can do because I do not control the world.
Disclaimers:
I am intentionally not including any names of sources as they do not want to lose their jobs.
This information is being presented to you as I have received and verified it. *
I only deal with information pertaining to US carriers and have no specific knowledge concerning foreign carriers.
Click to expand...
Click to collapse
Thoughts? Is there a future for Rooting?
Before you start to think I am about to scream "GPL, GPL, GPL," stop for a second, take a deep breath, and sympathize with the thousands of power users and developers who have been left in the dark and/or ignored in regard to their device being partially unlocked with a seeming false advertisement. This is an opinionated piece in the regard of actually getting what we asked for and were promised to receive.
Not long ago, users and developers alike relied heavily on hackers and logic to achieve S-OFF to get the full experience of their desire for a great(er) experience on their Android phone. Some people buy an overlay device like HTC with Sense, Motorola with Blur, and so on, knowing what entails when they get it, but they anticipate running a stock experience or a heavily optimized build from one of the developers in this community. Recently we took a moment to talk with ToastCFH and Dees_Troy from TeamWin, who are responsible for HTC Dumlock. HTC Dumlock makes the unlocked device further accessible for a few more phones.
Last week we purchased some T-Mobile One S units for our developers and one of them was chosen to go for a test drive and to try out HTC Dev Bootloader Unlock. This is where we got to know each other and a bit more about HTC's online utility, which nonetheless has disappointed thousands more than just a bit. I am going to let everyone know now: do not plan on just stopping at rooting this and calling it a day, I tried to remove bloat with Root Explorer and came to a brick wall of denial. I found out you also cannot flash custom kernels in recovery mode.
"What is affected in retrospect when I unlock?" Let me answer that: It actually cripples your phone. It's probably less risky to take a chance and go for an S-OFF method that could potentially brick your device. As per numerous reports, and some insight from ToastCFH and Dees_Troy, there is a plethora of issues with this process and many gripes and speculation just coming from myself.
A cobb without a Kernel: Flashing a kernel is similar to trying out walking on coals. You have to do the following (coming from ToastCFH at XDA):
fastboot boot recovery alternaterecovery.img
Here's some thought: If you flash a crap/test kernel that doesn't boot, not only can you not pull the battery you have to relentlessly use your power button to get yourself out of the mess to get the phone to shut off (HTC One series). The reason you can do it through "booting" recovery as opposed of using the one you flashed: The boot method is actually using the boot/temp partition, which in the end, is not really the boot partition.
HTC, why are you doing this? Aren't you supposed to be trying to deter users from chasing exploits and trying to gain S-OFF? It sure doesn't seem like it. From this perspective, it seems you will be are pissing off and running away potential customers instead. The image you see above is the warning you receive in HBOOT after unlocking the device via HTC Dev. Note that it doesnt say "unlocked" but a very menacing "Tampered," a word that carries a different set of connotations altogether.
All your system are belong to HTC: ROM Manager uses a script to replace your recovery while in Android. The slight issue is, it requires root. Root is the center of the development universe when it comes to ROMs, kernels, mods and the likes of the bunch. HANDS DOWN, most of the alterations you make to your phone while booted in Android utilize root and the system partition. This is not only a P.I.T.A., it can be a deal-breaker. I will get to that point in a bit. First, let's take a look: How do I tinker with something if the manufacturer tells me I can but in reality I can't? Conundrums. It's amazing: You cannot remove the bloat from your phone, you cannot replace the recovery and you sure cannot replace the boot image while booted in Android/Sense.
Radio killed the kernel dev star: Yes, radio. Those cool P*IMG.zip files you flash in HBOOT, that's out the window... Unless you get an RUU (ROM Update Utility) and go back to the stock firmware. With older HTC devices with S-OFF, you could slap a P*IMG.Zip (essentially a firmware/radio update in HTC's update.zip format) on the SD card and boot into HBOOT. It would check and flash it for you. That whole proces is gone; this entire process of being able to do this on the mobile side is now gone. You will now need a computer to flash the file.
To need or not to need... That is the question: Toast brings up another excellent point: If these measures have to be in place (maybe due to carrier request) why not provide the proper documentation to support the device? We're pretty sure when someone unlocks this device they understand they are giving up any firmware support from HTC.
Then why not give us documentation or utilities to flash fimware.zips from recovery like HTC does? When HTC was the proud Nexus device there was full support and documentation available on how to flash firmware on their devices. This made anyone choosing an HTC device blessed with knowing that their device was not only open and unlocked, but when flashing firmware that it was being flashed correctly to Google and HTC's standards. This code has now been moved out of recovery since right before the move to edify scripting and moved to vendor/htc/ (not arguing this choice as thats where it belongs from a maintaining point of view). But the problem is that vendor/htc is proprietary now. Which means Documentation and support for flashing firmware correctly is not available and left to developers of recoveries for the community to figure out. One would think if HTC was standing behind us that they would step up and give us a PROPER/OPEN/REAL unlock, or if they cant for the lame excuse of security concerns, then give us the documentation and utilities to flash the boot and firmware partitions properly. I mean really... what is there to lose there?
- ToastCFH
An excellent point, and most of you will probably agree with his bomb of logic. At the end of the day, he is right; the unlock method is crap and we find it more of a hinderance and crippling intent rather than a compliance to the developer community who has made them the number one development device for so long. Recently Samsung has taken the torch and led its dedicated developers with fulfilled promises and standards.
HTC, why would you do this? That is far too easy. Clarification, reason, justification, etc., it isn't needed. It's about doing the right thing. HTC has kept the proverbial sprinklers on and now the unlock tool is watered down. My advice for the power user/modder/dev is that this tool is essentially useless. We have been the number one spot for developer support by giving free devices to developers and UI designers to make the device even more fun and unique. We will continue to support, drive, and advocate open development on a supposedly open platform and follow those who make it what it is today. With that being said, it makes us skeptical in giving devices to people that HTC seems to have set a navigation route to Failure Avenue, and know that the developer on hand won't feel shorted. HTC, let us own our devices. Some love the hardware, some love the software, but in the end we love Android.
Lastly, GPL. It is is not made to stretch the maximum time available and take your time. It is probably a good suggestion to set up an HTC gitweb or something of the nature to ensure that when the device is available, the developers that you "support" so much can have free reign at improving your device and moving forward at their own pace. That making the final connection to the developer house, letting the user and developer free you from providing software support. Release the source, fully alert and vigilant. We know it takes time to clean code, but the One X (international) community could really use some tasty kernel source code right about now.
One last note: HTC may not be able to further assist with the firmware/software/OS once unlocked, but you can still support your hardware by giving some documentation on how to proceed with an unlocked device. Giving someone a flashlight with no batteries in a dark house isn't an ideal method of answering our call.
Sincerely,
Your Customer.
If you read this, please take a moment and support your developers and modders that enhance your phone life everyday, by tweeting, sharing or posting on Facebook the following quote:
" @HTC we want our phones back! http://tinyw.in/LNSn "
Thanks to everyone who has read and contributed to this piece.
****
My contribution.
I made it about 60% through and I still don't see s-off released. ;p
acer73 said:
Before you start to think I am about to scream "GPL, GPL, GPL," stop for a second, take a deep breath, and sympathize with the thousands of power users and developers who have been left in the dark and/or ignored in regard to their device being partially unlocked with a seeming false advertisement. This is an opinionated piece in the regard of actually getting what we asked for and were promised to receive.
Not long ago, users and developers alike relied heavily on hackers and logic to achieve S-OFF to get the full experience of their desire for a great(er) experience on their Android phone. Some people buy an overlay device like HTC with Sense, Motorola with Blur, and so on, knowing what entails when they get it, but they anticipate running a stock experience or a heavily optimized build from one of the developers in this community. Recently we took a moment to talk with ToastCFH and Dees_Troy from TeamWin, who are responsible for HTC Dumlock. HTC Dumlock makes the unlocked device further accessible for a few more phones.
Last week we purchased some T-Mobile One S units for our developers and one of them was chosen to go for a test drive and to try out HTC Dev Bootloader Unlock. This is where we got to know each other and a bit more about HTC's online utility, which nonetheless has disappointed thousands more than just a bit. I am going to let everyone know now: do not plan on just stopping at rooting this and calling it a day, I tried to remove bloat with Root Explorer and came to a brick wall of denial. I found out you also cannot flash custom kernels in recovery mode.
"What is affected in retrospect when I unlock?" Let me answer that: It actually cripples your phone. It's probably less risky to take a chance and go for an S-OFF method that could potentially brick your device. As per numerous reports, and some insight from ToastCFH and Dees_Troy, there is a plethora of issues with this process and many gripes and speculation just coming from myself.
A cobb without a Kernel: Flashing a kernel is similar to trying out walking on coals. You have to do the following (coming from ToastCFH at XDA):
fastboot boot recovery alternaterecovery.img
Here's some thought: If you flash a crap/test kernel that doesn't boot, not only can you not pull the battery you have to relentlessly use your power button to get yourself out of the mess to get the phone to shut off (HTC One series). The reason you can do it through "booting" recovery as opposed of using the one you flashed: The boot method is actually using the boot/temp partition, which in the end, is not really the boot partition.
HTC, why are you doing this? Aren't you supposed to be trying to deter users from chasing exploits and trying to gain S-OFF? It sure doesn't seem like it. From this perspective, it seems you will be are pissing off and running away potential customers instead. The image you see above is the warning you receive in HBOOT after unlocking the device via HTC Dev. Note that it doesnt say "unlocked" but a very menacing "Tampered," a word that carries a different set of connotations altogether.
All your system are belong to HTC: ROM Manager uses a script to replace your recovery while in Android. The slight issue is, it requires root. Root is the center of the development universe when it comes to ROMs, kernels, mods and the likes of the bunch. HANDS DOWN, most of the alterations you make to your phone while booted in Android utilize root and the system partition. This is not only a P.I.T.A., it can be a deal-breaker. I will get to that point in a bit. First, let's take a look: How do I tinker with something if the manufacturer tells me I can but in reality I can't? Conundrums. It's amazing: You cannot remove the bloat from your phone, you cannot replace the recovery and you sure cannot replace the boot image while booted in Android/Sense.
Radio killed the kernel dev star: Yes, radio. Those cool P*IMG.zip files you flash in HBOOT, that's out the window... Unless you get an RUU (ROM Update Utility) and go back to the stock firmware. With older HTC devices with S-OFF, you could slap a P*IMG.Zip (essentially a firmware/radio update in HTC's update.zip format) on the SD card and boot into HBOOT. It would check and flash it for you. That whole proces is gone; this entire process of being able to do this on the mobile side is now gone. You will now need a computer to flash the file.
To need or not to need... That is the question: Toast brings up another excellent point: If these measures have to be in place (maybe due to carrier request) why not provide the proper documentation to support the device? We're pretty sure when someone unlocks this device they understand they are giving up any firmware support from HTC.
Then why not give us documentation or utilities to flash fimware.zips from recovery like HTC does? When HTC was the proud Nexus device there was full support and documentation available on how to flash firmware on their devices. This made anyone choosing an HTC device blessed with knowing that their device was not only open and unlocked, but when flashing firmware that it was being flashed correctly to Google and HTC's standards. This code has now been moved out of recovery since right before the move to edify scripting and moved to vendor/htc/ (not arguing this choice as thats where it belongs from a maintaining point of view). But the problem is that vendor/htc is proprietary now. Which means Documentation and support for flashing firmware correctly is not available and left to developers of recoveries for the community to figure out. One would think if HTC was standing behind us that they would step up and give us a PROPER/OPEN/REAL unlock, or if they cant for the lame excuse of security concerns, then give us the documentation and utilities to flash the boot and firmware partitions properly. I mean really... what is there to lose there?
- ToastCFH
An excellent point, and most of you will probably agree with his bomb of logic. At the end of the day, he is right; the unlock method is crap and we find it more of a hinderance and crippling intent rather than a compliance to the developer community who has made them the number one development device for so long. Recently Samsung has taken the torch and led its dedicated developers with fulfilled promises and standards.
HTC, why would you do this? That is far too easy. Clarification, reason, justification, etc., it isn't needed. It's about doing the right thing. HTC has kept the proverbial sprinklers on and now the unlock tool is watered down. My advice for the power user/modder/dev is that this tool is essentially useless. We have been the number one spot for developer support by giving free devices to developers and UI designers to make the device even more fun and unique. We will continue to support, drive, and advocate open development on a supposedly open platform and follow those who make it what it is today. With that being said, it makes us skeptical in giving devices to people that HTC seems to have set a navigation route to Failure Avenue, and know that the developer on hand won't feel shorted. HTC, let us own our devices. Some love the hardware, some love the software, but in the end we love Android.
Lastly, GPL. It is is not made to stretch the maximum time available and take your time. It is probably a good suggestion to set up an HTC gitweb or something of the nature to ensure that when the device is available, the developers that you "support" so much can have free reign at improving your device and moving forward at their own pace. That making the final connection to the developer house, letting the user and developer free you from providing software support. Release the source, fully alert and vigilant. We know it takes time to clean code, but the One X (international) community could really use some tasty kernel source code right about now.
One last note: HTC may not be able to further assist with the firmware/software/OS once unlocked, but you can still support your hardware by giving some documentation on how to proceed with an unlocked device. Giving someone a flashlight with no batteries in a dark house isn't an ideal method of answering our call.
Sincerely,
Your Customer.
If you read this, please take a moment and support your developers and modders that enhance your phone life everyday, by tweeting, sharing or posting on Facebook the following quote:
" @HTC we want our phones back! http://tinyw.in/LNSn "
Thanks to everyone who has read and contributed to this piece.
****
My contribution.
Click to expand...
Click to collapse
Done
Sent from my HTC Desire HD using Tapatalk
Done
I would share it but its got to many bad grammatical mistakes that makes its a hard read plus doesn't specifically request things like S-OFF. The sentiment surely is right though.
Wondering if it's worthwhile before I invest time in creating a Mac OS X VM + Xcode to port my android apps to iOS.
lapucele said:
Wondering if it's worthwhile before I invest time in creating a Mac OS X VM + Xcode to port my android apps to iOS.
Click to expand...
Click to collapse
just realised this may be the wrong subforum to post the above question. Could this thread be moved?
lapucele said:
just realised this may be the wrong subforum to post the above question. Could this thread be moved?
Click to expand...
Click to collapse
Actually I clicked on here thinking myself that this was for "application porting" as I came from the front page, and then it wasn't till I saw you replied to your own thread with the above that I realised? I think there is a bug in the forums, not you posting in the incorrect location?
Anyway to discuss your topic, I have recently downloaded all the necessary stuff to do as you are considering. One thing to be careful of is the fact that Apple from my understanding will give you their wrath if they find out.
Apple software is ONLY to be run on Apple hardware, If they find out (and they have their ways from what I have heard) you instantly banned for life. I guess nothing stopping you starting again, but remember your app is pulled and you kind of couldn't get away with releasing it under a different name account again later on without them knowing?
There's always the cydia market place which I hear is still fairly profitable...up until recently I wasn't even aware that is was a paid market place, I had always been of the impression that it was a hackers market for people who 1) mod their device tweak it like us android users 2) jailbroken (but stock and no alternative to iTunes) 3) People who pirate apps.
However i have learned that it has quite a following an even some developers release on both iTunes and Cydia.
Anyway just my thoughts. I am in contact with a developer that is into the whole cydia thing so if you have any questions you want answers for give me a holla
James
Jarmezrocks said:
Actually I clicked on here thinking myself that this was for "application porting" as I came from the front page, and then it wasn't till I saw you replied to your own thread with the above that I realised? I think there is a bug in the forums, not you posting in the incorrect location?
Anyway to discuss your topic, I have recently downloaded all the necessary stuff to do as you are considering. One thing to be careful of is the fact that Apple from my understanding will give you their wrath if they find out.
Apple software is ONLY to be run on Apple hardware, If they find out (and they have their ways from what I have heard) you instantly banned for life. I guess nothing stopping you starting again, but remember your app is pulled and you kind of couldn't get away with releasing it under a different name account again later on without them knowing?
There's always the cydia market place which I hear is still fairly profitable...up until recently I wasn't even aware that is was a paid market place, I had always been of the impression that it was a hackers market for people who 1) mod their device tweak it like us android users 2) jailbroken (but stock and no alternative to iTunes) 3) People who pirate apps.
However i have learned that it has quite a following an even some developers release on both iTunes and Cydia.
Anyway just my thoughts. I am in contact with a developer that is into the whole cydia thing so if you have any questions you want answers for give me a holla
James
Click to expand...
Click to collapse
wow thanks for the heads up! i've heard varying stories too. i totally didn't think of the 3rd party app stores.
lapucele said:
wow thanks for the heads up! i've heard varying stories too. i totally didn't think of the 3rd party app stores.
Click to expand...
Click to collapse
Just thought I'd mention as I only heard yesterday, but the newest edition of the app store for Apple is called AppCake for Apple. Apparently Apple is now going about systematically shutting down every 3rd party non-apple owned store including the non so legitimate suppliers of of Apple after market hardware products. That means everyone with anything that connects to an apple product that isn't apple or made by apple is a target. Geeese they don't let up do they? Developers mention that Apple will never be able to shut them down :silly: that they can and will do what they like with their iDevices cause they own them.
Oh and other thing to look out for if you go to Apple/iTunes, is this company Lodsys who are world renowned for being patent trolls who are systematically targeting individual developers for breaches in copy right for, get this......'in app purchasing' they claim that they invented it and are now suing several developers from iTunes (them personally) for using the iTunes supplied SDK for in app purchasing. Apple is doing the right thing and trying to defend these developers but the World IP org and US patents office can't do a god damned thing about it until things hurry up and get pushed through a ballot of senators to have groups like them shut down. Until then they are working their best and fastest with trying to sue as many people as they can! Unfortunately for most its a loosing battle as they don't have the money or resources to fight these bastards so they end up paying up. In an new interview I heard one company claimed it was cheeper to settle for 100K out of court than what it was to commit to defending them selves even though this group targeting them was 100% wrong.
But not meaning to scare you...or anything just keeping you filled in. Me personally I would write them a letter saying 4 words on one line followed by 4 words on a second line "Go f*%# your self" "See you in court" and go seek one of my dad's barrister friends to do it no win no fee. Screw that. I would be flaunting that I have in app purchasing sayin come at me bro
https://www.eff.org/deeplinks/2013/04/app-developers-lodsys-back
https://www.eff.org/deeplinks/2013/05/hey-patent-trolls-pick-someone-your-own-size
https://www.eff.org/deeplinks/2013/...t-patent-trolls-and-not-going-take-it-anymore
Jarmezrocks said:
Actually I clicked on here thinking myself that this was for "application porting" as I came from the front page, and then it wasn't till I saw you replied to your own thread with the above that I realised? I think there is a bug in the forums, not you posting in the incorrect location?
Anyway to discuss your topic, I have recently downloaded all the necessary stuff to do as you are considering. One thing to be careful of is the fact that Apple from my understanding will give you their wrath if they find out.
Apple software is ONLY to be run on Apple hardware, If they find out (and they have their ways from what I have heard) you instantly banned for life. I guess nothing stopping you starting again, but remember your app is pulled and you kind of couldn't get away with releasing it under a different name account again later on without them knowing?
Click to expand...
Click to collapse
No you guys are right. This is for porting apps across platforms, but people seem to confuse it with ROM porting.
Q. I know pretty much zero about iOS, and generally have always been anti apple. Are you trying to say that using something like j2 on lets say a virtual box on windows, is somehow a detectable and bannable offense in apple land? It's late and i might be just be misreading, but would like to know.
Mostly because i picked up a job on an Android app, and have been talking a bit about putting the app out for iphones after I finish up the android version, but don't really know where to begin.
out of ideas said:
No you guys are right. This is for porting apps across platforms, but people seem to confuse it with ROM porting.
Q. I know pretty much zero about iOS, and generally have always been anti apple. Are you trying to say that using something like j2 on lets say a virtual box on windows, is somehow a detectable and bannable offense in apple land? It's late and i might be just be misreading, but would like to know.
Mostly because i picked up a job on an Android app, and have been talking a bit about putting the app out for iphones after I finish up the android version, but don't really know where to begin.
Click to expand...
Click to collapse
My Research and Understanding
Yes that is exactly what I am saying. To run Apple in a VM is in breach of their TOS and Usage policy. It also entitles them to seek prosecution also; so not just a ban from iTunes. Going by Apples past history I wouldn't put it past them? Although now with Tim Cook in charge of things I think Apple is going about things a bit more differently now? For better or worse (people had their opinions of Steve Jobs - personally I disliked him but did appreciate his success and achievements for what they stacked up to be, personal opinions aside it takes a great person to do such) Apple is starting to become a bit more valued in collaborations as this is what Tim Cook always wanted working for Apple that he was never able to have whilst Steve was the master of the helm. Tim Cook was more about getting the job done and sharing. Steve's ongoing vendetta litigations were not Tim Cooks choice and/or advice. He didn't want such things from what I have read? More recently his involvement in legal matters has been observed as retracted and no confronting; he has proceeded to do these actions as part of Steve Jobs dying wishes and nothing more.
As far as I can tell he wants to nothing more than to get things out of the way and over and done with so that he and his company can move on.
My thoughts on this as an observer in the mobile tech industry is that I think Apple has dropped the ball a bit, and it is probably far too little far too late. However with a company with that much money behind it? There's only speculations about what holds in the future of Apple? They are certainly not going away or going to fall in to ruins that's for certain.
What I mean is that, yes there has been a heap of legal stuff seen by Apple and most of it very negative, but my feeling is that this won't be the case here on into the future, so the likelihood of facing a court for breach of Terms of Use are likely to be very small. I am sure that editing a build.prop is considered a breach of Google's TOS for use of a device in their Playstore?
Suggestions
My suggestion is to give it a try I have had some issues setting up my VM but have got all the necessary resources including all the software. I have just become too busy and it is not high on the priority list at the moment. I wanted to try gain an understanding of how Apple detects it's visitors. I mean iTunes is cross platform Windows and Mac (There is no release for Ubuntu or Linux AFAIK? only Wine type hacks) I know when I visit the iTunes webpage I am automatically prompted to download a Windows installer package. So they must have some form of automatic detection? Being that the likes of Virtualbox uses a shared internet connection I would speculate that you would need to choose the correct adapter settings so that your VM is seen to be a running physical machine and not a able to be identified as a shared connection or virtualised connection?
I didn't get this far as my installation has many issues. I still have the VM though for future interest. Feel free to PM me if you give it a try and don't succeed and I am happy to share what things I discovered in my problem solving.
Understanding Limitations for Cross Platform Mobile Development
As for the porting to OS's I believe there are many offerings around now that provide developers with a cross platform arrangement. Essentially only the UI resources need to change and then that plugs into a framework structure for your application to run in. You compile the code individual applications that are specific to the platform but you ARE able to develop your main code independent of the platforms. Languages such as Flex or Rubi on rails are going to be your best bet from my research?
Things You Should Consider
1. Single code repository
2. Individual application frameworks - compilation of application runtime for independent OS type
3. Limitations are stipulated and governed by what is allow at the lowest possible denominator. i.e. You can only build code into your single code repository that can accessed by the functionality of both(or all) platforms. What I mean is that there is no use building a single code repository that uses a function that is limited on one platform and not the other, another example is restrictions dictated to you by the likes of such companies like Apple. They have a strict guidelines and what is potentially available to you may not be in its context. Just because certain functionality is available to you in the Apple platform and you have even seen it in use on Apple devices does not necessarily mean that you can build and release it. In it's context Apple may not like what you are doing with your app and not approve it.
Your single point of code and it entirety has just shrunk in functionality to both devices now. So be careful and Anticipate what you might think the outcome is for your Application facing such scrutinisation and what it could possibly mean for your project as a whole?
On this note I have heard of developers making scripts and add-ons for their said central repository that allows them to restrict things ats compile time. For instance having greyed out selections in menus and a toast like notification to users like "Sorry this functionality is only available to Android users" and things like that.
Hope this helps contribute towards people considering on such ventures. Do your research. Find out what types of apps have been rejected from being published and find the reasons for why?
lapucele said:
Wondering if it's worthwhile before I invest time in creating a Mac OS X VM + Xcode to port my android apps to iOS.
Click to expand...
Click to collapse
I will check it in next week